8839c991a093ce44e7b65e84189f99e064bb6869664a298f5803d91b9370d957

Sharing

Copy URL Twitter E-mail

General

Target

8839c991a093ce44e7b65e84189f99e064bb6869664a298f5803d91b9370d957
Size

856KB
MD5

9cc339a758ccdd1ccb179c0e93d0c35b
SHA1

0f39c0e187c64a2197d3d0ee886e86ca91434819
SHA256

8839c991a093ce44e7b65e84189f99e064bb6869664a298f5803d91b9370d957
SHA512

fd3f149dd274ac612a6d5b07a68a22f26e5b621364f24f3bcdb1349671ddfff3648f4c804124c3110978cb4b13e8a25a50d669b4830fa9b5b14c21c3cab53e36
SSDEEP

24576:Uq7sqaAYgXe4i7ojhsP5Lgrk1TWb4AN5:Uq7s0ve30jaNf1TWbdz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8839c991a093ce44e7b65e84189f99e064bb6869664a298f5803d91b9370d957

Files

8839c991a093ce44e7b65e84189f99e064bb6869664a298f5803d91b9370d957
.exe windows:6 windows x64 arch:x64

528f929c8b6ba66722608d4ae6d29c28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

X:\rgsc_streams\rgl\feature_metadata\build\stub\ReleaseMetadata\RglStub.pdb

Imports

kernel32

GetModuleHandleW
VerSetConditionMask
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetModuleFileNameW
VerifyVersionInfoW
OutputDebugStringW
IsDebuggerPresent
WriteFile
FormatMessageA
K32GetModuleFileNameExW
K32EnumProcessModules
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
SystemTimeToFileTime
GetSystemTime
CreateMutexW
ReleaseMutex
SetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
DeleteFileW
CreateFileW
CreateDirectoryW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExA
GetProcAddress
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
SetFilePointer
CreateEventW
GetCurrentThreadId
UnregisterWaitEx
MoveFileW
RegisterWaitForSingleObject
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
GetLocalTime
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead

user32

MessageBoxW
MessageBoxIndirectW
LoadStringW

shell32

ShellExecuteW
ShellExecuteExW
SHGetKnownFolderPath
CommandLineToArgvW

msvcp140

?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Xtime_get_ticks
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xbad_function_call@std@@YAXXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

shlwapi

PathFindFileNameW

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty

vcruntime140

__std_exception_destroy
strchr
_purecall
wcsstr
memset
memmove
memcpy
__current_exception
_CxxThrowException
__current_exception_context
__std_exception_copy
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
exit
terminate
_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_initterm_e
_c_exit
_set_app_type
_configure_wide_argv
_invoke_watson
_register_onexit_function
_initialize_onexit_table
_initterm
_get_wide_winmain_command_line
abort
_seh_filter_exe
_invalid_parameter_noinfo
_initialize_wide_environment
_cexit
_errno

api-ms-win-crt-stdio-l1-1-0

ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
__stdio_common_vsnprintf_s
fflush
fclose
_get_stream_buffer_pointers
ungetwc
fputwc
fgetwc
__stdio_common_vsscanf
__stdio_common_vswscanf
fgetc
__p__commode
_set_fmode
__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

_wcsicmp
_strnicmp
strncmp
strncpy_s
strcpy_s
strcat_s
tolower
toupper
towlower
towupper

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ole32

CoTaskMemFree

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

528f929c8b6ba66722608d4ae6d29c28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

msvcp140

shlwapi

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

ole32

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 133KB - Virtual size: 132KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 133KB - Virtual size: 132KB

.reloc
Size: 568KB - Virtual size: 572KB